
    Alarms

    With AppFormix Alarms, you can configure an alarm to be generated when a condition is met in the infrastructure. The AppFormix Agent watches Metrics at each host, analyzing the raw data for conditions of alarms that apply to that host and the instances running on that host. By analyzing data at the source of collection, AppFormix efficiently scales with your infrastructure. The following video provides an overview of the AppFormix alarms.

    Video 1: AppFormix Alarms

    Each alarm applies to a specified scope that identifies the type of entity to monitor for a condition. Entity type may be host, instance, or service. For a particular entity type, you select a set of entities to which an alarm rule applies. For example, when selecting the host scope, you can configure an alarm to apply to all hosts in the infrastructure or to all hosts in a specified host aggregate.

    AppFormix offers two types of thresholds for alarms:

    Static threshold: Compare measurements to a fixed threshold.
    Dynamic threshold: Compare measurements against historical trends for a set of resources.

    How Alarms Work

    AppFormix Agent continuously collects measurements of raw metrics (see Metrics) for a host and its instances. For a particular alarm, the agent aggregates the samples according to a user-specified function (average, standard deviation, min, max, sum) and produces a single measurement for each user-specified interval. The agent compares each measurement to a threshold. For an alarm with a static threshold, a measurement is compared to a fixed value using a user-specified comparison function (above, below, equal). For dynamic thresholds, a measurement is compared with a value learned by AppFormix over time.

    Dynamic Thresholds

    Dynamic thresholds enable outlier detection in resource consumption based on historical trends. Resource consumption may vary significantly at various hours of the day and days of the week. This makes it difficult to set a static threshold for a metric. For example, 70% CPU usage may be considered normal for Monday mornings between 10:00 AM and 12:00 PM, but the same amount of CPU usage may be considered abnormally high for Saturday nights between 9:00 PM and 10:00 PM.

    With dynamic thresholds, AppFormix learns trends in metrics across all resources in scope to which an alarm applies. For example, if an alarm is configured for a host aggregate, AppFormix learns a baseline from metric values collected for hosts in that aggregate. Similarly, an alarm with a dynamic threshold configured for a project learns a baseline from metric values collected for instances in that project. Then, the agent generates an alarm when a measurement deviates from the baseline value learned for a particular time period.

    When creating an alarm with a dynamic threshold, you select a metric, a period of time over which to establish a baseline, and the sensitivity to measurements that deviate from the baseline. The sensitivity can be configured as high, medium, or low. Higher sensitivity will report smaller deviations from the baseline and vice versa.

    Alarm Modes

    An alarm also has a mode: alert or event. When configured as an alert, AppFormix Agent sends a notification on the message bus whenever the state of the alert changes. The alert is initially in the learning state until AppFormix Agent has collected enough data to evaluate the conditions of the alert. An alert is active when the conditions of the alarm are met, and inactive when the conditions are not met.

    When configured as an event, AppFormix Agent sends notifications on the message bus for each interval in which the conditions of the alarm are met.

    As an example, consider an alarm for average CPU usage above 90% over an interval of 60 seconds. If the alarm mode is alert, then a notification will be sent when the alarm becomes active at time T1. When the CPU drops below 90% at time T5, a notification is sent that the alert is inactive.

    If the same alarm is configured in event mode, then a notification is sent for each of the five intervals in which the CPU load exceeds 90%.
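
    The static-threshold evaluation and the two alarm modes described above, as an added Python example (not AppFormix code). The function names, the constructed CPU samples, the population form of standard deviation, and the rule that one complete interval ends the learning state are assumptions made for illustration.

```python
import statistics

# Aggregation and comparison functions named on the page. The population form
# of standard deviation is an assumption; the page does not say which is used.
AGGREGATE = {"average": statistics.fmean, "max": max, "min": min, "sum": sum,
             "standard deviation": statistics.pstdev}
COMPARE = {"above": lambda m, t: m > t,
           "below": lambda m, t: m < t,
           "equal": lambda m, t: m == t}

def measurements(samples, interval, aggregation):
    """Reduce (timestamp_seconds, value) samples to one measurement per interval."""
    buckets = {}
    for ts, value in samples:
        buckets.setdefault(ts // interval, []).append(value)
    return [(n * interval, AGGREGATE[aggregation](vals))
            for n, vals in sorted(buckets.items())]

def evaluate(samples, mode, interval, aggregation, comparison, threshold):
    """Return (interval_start, kind, measurement) notifications for a static alarm."""
    notifications, state = [], "learning"
    for start, m in measurements(samples, interval, aggregation):
        met = COMPARE[comparison](m, threshold)
        if mode == "event":
            if met:                       # one notification per matching interval
                notifications.append((start, "event", m))
            continue
        # Alert mode: notify only on a state change. Assumption: one complete
        # interval is enough data to leave the learning state.
        new_state = "active" if met else "inactive"
        if new_state != state:
            notifications.append((start, new_state, m))
        state = new_state
    return notifications

def constructed_cpu_samples():
    """Constructed data: CPU % every 20 s across seven 60 s intervals."""
    per_interval = [(35, 40, 45), (92, 95, 98), (91, 93, 95), (96, 97, 98),
                    (90, 94, 98), (93, 95, 97), (50, 99, 31)]
    return [(i * 60 + j * 20, v)
            for i, trio in enumerate(per_interval) for j, v in enumerate(trio)]

if __name__ == "__main__":
    for mode in ("alert", "event"):
        print(mode, evaluate(constructed_cpu_samples(), mode, 60, "average", "above", 90))
```

    The last constructed interval contains a single 99% sample: with the average function it does not meet the condition, while the max function would report it, which is the practical difference the aggregation choice makes for short spikes.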

    Each alarm becomes part of the monitoring policy applied to resources in the infrastructure. When configuring an alarm, you choose the scope to which the alarm applies: host, instance, service. Further, for a particular scope type, a subset of the resources of that type can be selected. When the scope is host, you can select all hosts or hosts that belong to a specified host aggregate. When scope is Instance, you must select a project for which the alarm will be configured. Any new resource that matches the scope will have the alarm automatically configured.

    For example, you configure an alarm with Instance scope for a given project. Afterward, when an instance is created in that project, the controller will configure the alarm for the new instance.

    Configure Alarms

    To configure an alarm:

    1. Select Alarms.
    2. Select Add alarm.

      The Alarm Input pane is displayed. Figure 1 shows the Alarm Input pane.

      Figure 1: Alarm Input Pane


      The basic configuration settings for an alarm are:

      Name: A name that identifies the alarm. The name is displayed in the Dashboard and is the identifier for external notification systems.
      Scope: Type of resource to which an alarm applies (host or instance).
      Aggregate: Set of resources to which the alarm applies.
      Mode: Type of mode to which the alarm applies (alert or event).
      Metric: See Metrics.
      Aggregation Function: How the agent combines samples during each measurement interval (average, max, min, sum, standard deviation).
      Comparison Function: How to compare a measurement with the threshold (above, below, equal).
      Threshold: Value by which to compare a metric measurement. Units for the threshold are determined by the metric type.
      Interval: Duration of the measurement interval in seconds.

    Modified: 2017-11-10